hfs: add sanity check for file name length
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 14 Nov 2011 14:52:08 +0000 (17:52 +0300)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 15 Nov 2011 16:29:42 +0000 (14:29 -0200)
On a corrupted file system the ->len field could be wrong leading to
a buffer overflow.

Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/hfs/trans.c

index e673a88b8ae7560b14796b611aa57b267193411f..b1ce4c7ad3fb4f33e12ff4c8e320368b851e52c8 100644 (file)
@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in)
 
        src = in->name;
        srclen = in->len;
+       if (srclen > HFS_NAMELEN)
+               srclen = HFS_NAMELEN;
        dst = out;
        dstlen = HFS_MAX_NAMELEN;
        if (nls_io) {